CVE-2021-44228: Apache Log4j Vulnerability

Posted on - 17.12.21

You may have recently heard or read about a new vulnerability which has been found in the Apache Log4j logging library. This is a common library which is used in many devices and platforms. Versions 2.0-beta9 through 2.12.1 and 2.13.0 through 2.15.0 have features which do not protect against attacker-controlled LDAP and other JNDI endpoints.

For more information, please take a look at the NIST vulnerability database entry: https://nvd.nist.gov/vuln/detail/CVE-2021-44228


Our Vendors

We work closely with all our vendor partners and have been in contact with them to find out which, if any, of their systems might be affected by this vulnerability.


Plasma Cloud

As the Plasma Cloud platform is (mostly) Java-free, their solution is not affected by this vulnerability.

Grandstream

All Grandstream products, including devices, cloud platforms and software, are unaffected by the vulnerability:
https://blog.grandstream.com/press-releases/grandstream-products-unaffected-by-log4j-vulnerability?hsLang=en

Commscope Ruckus

Commscope have released a security advisory (ID20211213) stating that the following products are not vulnerable: All Access Points (including Unleashed APs), Cloudpath, ICX Switches, Unleashed, and ZoneDirector.
If you are using Ruckus Cloud, SmartZone or Unleashed Multi-Site Manager (UMM), please contact our support team for more information on how to get security patches for these platforms once they are made available, if they have been found to be affected.

If you have any other concerns about this vulnerability, please feel free to contact our support team, who will be happy to discuss this with you.